
This page lists all the SAML2 attributes that SURFconext and its identity providers have to offer. An attribute is a characteristic that describes a user. It is a 'name:value' pair. The attributes included in the SAML assertion correspond to the attributes a service provider needs to work properly. In general they are needed to:

  • Convey user information from the identity provider (IdP) to the service provider (SP)
  • Create an account for the user at the service provider
  • Authorize specific services at the service provider

Now, when a user logs in to a service provider, SURFconext sends a SAML assertion to the service provider via the user's browser. The assertion contains:

  • A user identifier. All services receive one; it is either a transient or persistent NameID (chosen via SP Dashboard).
  • Additional attributes. These are optional and differ per service.


Note

SURFconext's SAML2 implementation adheres to the SAML2int standard 0.2.1.

The header on the link above states that work on saml2int has moved to Kantara Initiative. Until further notice, the SAML2int standard SURFconext adheres to remains at 0.2.1.

Note
Content provider?

For content providers, SURFconext (in consultation with the partnership of the Dutch university libraries and the Koninklijke Bibliotheek (UKB), Hogeschoolbibliotheken (SHB)) applies a separate attribute release policy. The following are allowed:

  • Persistent or transient NameID
  • schacHomeOrganization
  • eduPersonAffiliation

Read our blog for more information (Dutch)
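
An added example, not SURFconext code: a check on the service provider side that reads the NameID format and attribute names from an assertion and reports anything outside the content-provider release policy listed above. The sample assertion is constructed, the `urn:mace` attribute names in it are assumptions, and the function names are hypothetical; the code inspects content only and expects an assertion whose signature the SAML library has already validated.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_PREFIX = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
# Content-provider policy from the page: a NameID plus these two attributes.
CONTENT_PROVIDER_ALLOWED = {"schacHomeOrganization", "eduPersonAffiliation"}

# Constructed sample (unsigned, not real SURFconext output); attribute names are assumptions.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">constructed-id-0001</saml:NameID></saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="urn:mace:terena.org:attribute-def:schacHomeOrganization">
<saml:AttributeValue>example.org</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation">
<saml:AttributeValue>student</saml:AttributeValue>
<saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="urn:mace:dir:attribute-def:mail">
<saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""


def summarize_assertion(xml_text):
    """Return (nameid_kind, {short_name: [values]}) for an already-verified assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no NameID")
    fmt = name_id.get("Format", "")
    kind = fmt[len(NAMEID_PREFIX):] if fmt.startswith(NAMEID_PREFIX) else "unknown"
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        short = attr.get("Name", "").rsplit(":", 1)[-1]  # last URN segment
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(short, []).extend(values)
    return kind, attrs


def policy_violations(xml_text):
    """List everything in the assertion that falls outside the content-provider policy."""
    kind, attrs = summarize_assertion(xml_text)
    problems = [] if kind in ("persistent", "transient") else ["NameID format: " + kind]
    problems += sorted(n for n in attrs if n not in CONTENT_PROVIDER_ALLOWED)
    return problems


if __name__ == "__main__":
    print(summarize_assertion(SAMPLE_ASSERTION), policy_violations(SAMPLE_ASSERTION))
```

A non-empty result from `policy_violations` means the service is receiving more personal data than the content-provider policy allows, which is worth raising with the federation operator rather than silently ignoring.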

...